PulseAugur
EN
LIVE 14:25:38

TeamPCP hackers breach GitHub internal repos via malicious VS Code extension

By PulseAugur Editorial · [10 sources] ·

The hacker group TeamPCP has breached GitHub's internal repositories, potentially compromising source code after a GitHub employee installed a malicious VS Code extension. The group claims to have exfiltrated approximately 3,800 repositories and is attempting to sell the stolen data for at least $50,000, threatening to leak it if no buyer is found. This incident is part of a broader trend of software supply-chain attacks targeting developer tools and ecosystems. AI

IMPACT Highlights the increasing risk of supply-chain attacks targeting AI developer tools and ecosystems, potentially compromising sensitive code and credentials.

RANK_REASON Major security incident at a widely used developer platform involving potential source code theft and a ransom attempt.

Read on Forbes — Innovation →

AI-generated summary · Google Gemini · from 10 sources. How we write summaries →

TeamPCP hackers breach GitHub internal repos via malicious VS Code extension

COVERAGE [10]

  1. Forbes — Innovation TIER_1 English(EN) · Davey Winder, Senior Contributor ·

    GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000

    A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a poisoned VS Code extension.

  2. Tom's Hardware TIER_1 English(EN) · Etiido Uko ·

    Hacker group hits 3,800 internal GitHub repositories via poisoned developer plugin — TeamPCP claims source code theft and attempts $50,000 sale, employee installed malicious VS Code extension

    GitHub has confirmed a breach involving roughly 3,800 internal repositories after an employee device was compromised through a malicious VS Code extension. The TeamPCP hacker group claims it stole internal source code and attempted to sell the data for at least $50,000.

  3. Tom's Hardware TIER_1 English(EN) · Etiido Uko ·

    Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud' malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

    Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link related npm compromises affecting TanStack and Mistral SDKs to the broader “Mini Shai-Hulud” supply-chain campaign.

  4. The Register — AI TIER_1 English(EN) ·

    Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

    Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing

  5. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    Hacker group hits 3,800 internal GitHub repositories via poisoned developer plugin — TeamPCP claims sourc… GitHub has confirmed a breach involving roughly 3,800

    Hacker group hits 3,800 internal GitHub repositories via poisoned developer plugin — TeamPCP claims sourc… GitHub has confirmed a breach involving roughly 3,800 internal repositories after an employee device was compromised through a malicious VS Code extension. The TeamPCP hacke…

    LINKS tomshardware.com/…/hacker-group-hits-3-80… tomshardware.com/tech-industry
  6. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    📰 A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of sof

    📰 A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations. 📰 Source: Feed: All Latest 🔗 Archive: https://we…

    LINKS web.archive.org/…/teampcp-software-supply… web.archive.org
  7. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    TeamPCP claims it breached Mistral AI while the company confirms impact from the TanStack supply chain attack involving malicious NPM and PyPI packages. Mistral

    TeamPCP claims it breached Mistral AI while the company confirms impact from the TanStack supply chain attack involving malicious NPM and PyPI packages. Mistral says there’s currently no evidence of an internal infrastructure breach. https://www. technadu.com/teampcp-claims-mi st…

    LINKS technadu.com/…/627870
  8. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'min… Microsoft says attackers compromised the mistralai Py

    Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'min… Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link related npm compromises affecting TanStack and M…

    LINKS tomshardware.com/…/compromised-mistral-ai… tomshardware.com/tech-industry
  9. Mastodon — fosstodon.org TIER_1 Português(PT) · [email protected] ·

    Massive attack hits Mistral AI, UiPath, and TanStack npm and PyPI packages 🔗 https://tugatech.com.pt/t83314-ataque-massivo-atinge-pacotes-npm-e-pypi-da-mistral

    Ataque massivo atinge pacotes npm e PyPI da Mistral AI, UiPath e TanStack 🔗 https:// tugatech.com.pt/t83314-ataque- massivo-atinge-pacotes-npm-e-pypi-da-mistral-ai-uipath-e-tanstack # ai # ataque # mistral

    LINKS tugatech.com.pt/t83314-ataque-massivo-ati…
  10. Mastodon — mastodon.social TIER_1 Čeština(CS) · liliumf ·

    🔥 TRENDING 📢 GitHub Employee Installed Malware into VS Code, Hackers Immediately Stole 3,800 Internal Repositories - Cnews.cz 🔗 https://news.google.com/

    🔥 TRENDING 📢 Zaměstnanec GitHubu si nainstaloval malware do VS Code, hackeři okamžitě vykradli 3 800 interních repozitářů - Cnews.cz 🔗 https:// news.google.com/rss/articles/C BMi0gFBVV95cUxOektPaGZfLXBWa2VITlNWd1Y3dFo5R2NKNE5jTS1EUndIRGlpV0hmQlJFRVBrem1ham43dXlHV2VvejFqZnB4ekFFT2…

    LINKS news.google.com/…/CBMi0gFBVV95cUxOektPaGZ…

RELATED ENTITIES

RELATED TOPICS